RSA Conference Proves Why the Privacy Landscape Is Challenging

From Monday, Feb. 24 to Friday, Feb. 28, I was trapped in the bowels of the Moscone Center at the RSA Conference here and listened to vendors large and small sell their wares and preach wisdom on the state of modern IT security.

For the most part, it was an endless drumbeat of repetitive claims about enabling security and privacy in the post-Snowden era. The irony of the claims is that many were made within earshot of the exhibit hall booth from the National Security Agency (NSA), which had a decent size floor space to give out information about the agency's activities.

The U.S. government in various sessions made its cyber-security position known as well as its approach to privacy.

Hidden deep within the RSA conference, and in a timeslot that pitted it against vendor keynotes on the main stage, was a single session that for me, defined my RSA Conference experience this year. The session was a panel event titled "Watching the Watchers," and it included a who's who of government privacy leaders.

Ari Schwartz, director of cyber-security privacy at the White House, moderated the panel. Joining him were Karen Neuman, chief privacy officer at the U.S. Department of Homeland Security, as well as Erika Brown Lee, chief privacy and civil liberties officer in the U.S. Department of Justice. The final participant was Alexander Joel, civil liberties protection officer in the Office of the Director of National Intelligence.

The Snowden disclosures have led the public to believe through myriad reports that privacy is not valued by the U.S. government and in particular the NSA. The government privacy officers on stage at RSA don't hold that view. It is the job of those privacy officers to protect our privacy.

Neuman noted that she runs the largest privacy office in the federal government and that the public trust is an operational goal not an aspirational one. "We build privacy into all of our operations," she said. "We are looking at ways of enhancing privacy rather than eroding it."

During the session, a long line of conference attendees peppered the panelists with questions about how the government protects the privacy of regular Americans. One particularly intriguing question was whether privacy officers within the U.S. government are, in fact, advocates of the American people. Another question was whether the privacy officers felt they received all the information they asked for from the various government departments they serve.

Rather then dodge the questions, the panelists responded very succinctly.

"I don't feel like I have been lied to, though in some situations, it took some time to get the information I wanted," Joel said. But he added, "It would take a vast conspiracy to mislead the privacy officers of the U.S. government."

On the question of advocacy, Neuman said that it is the job of privacy officers within various branches of the U.S. government to be advocates for privacy internally within their own agencies. "It is sometimes challenging, but it's our job," Neuman said.

That's what I personally took away from the RSA Conference—the lesson of the challenging privacy landscape. The intersection of privacy and security is a minefield of complex issues that need to be navigated by tech vendors, users and governments. It is incumbent on all tech vendors and organizations to have privacy officers, and to continuously re-evaluate policies and operations to provide both privacy and security.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.